Don’t be Scammed by a Bogus Request from your “Boss”
Be alert if you get an Email that appears to come from a high-ranking executive and contains a request for a transfer of funds.
This FTC article discusses how scammers are making big money posing as high-ranking executives requesting transfers of funds. These scams may even include Email hacking and phone calls from “The Boss.” The article also provides advice for protecting your company from this scam, including updating your procedures, and educating yourself and your employees.
Knowing when to verify requests for information is important – basically, whenever money or personal information is involved. Employee training is key. Educate your employees about this scam. Provide examples and advice on how to spot a fraudulent message. Also, educate your employees about other scams and methods used to trick them into sending money or personal information. Scammers' tactics don’t stop at Email.
Dara Security offers these additional suggestions:
“For the most protection, if an email looks weird in any way, follow up with the sender on the phone if you know them. This is the easiest and most cost-effective way.
However, accidents happen and there is technology that can help.
A Mobile Device Management solution is very helpful in alerting an administrator of a compromised device and limiting the malware activity. Based on the type of mobile device in use and the mail system used, there are commercial products and in some cases free products that may be part of your service if using a cloud-based email service like Google Mail. Google Mail has MDM capability that can limit an intrusion, issue an alert, and allow one to shut down access. It can even allow for the disablement of the device if it is lost.”
It can be complicated for any business to keep up with all the cyber attacks and payment fraud going on around us, but you must be vigilant. Keep up with your PCI DSS requirements, have a security process and an incident response plan, and train your employees on them. A good ERP system can help with features such as fraud scoring, and it will support your PCI DSS efforts to keep your sensitive data safe.